>> ARCHIVE: 2019-04

Administrative credentials submitted to the Arris Touchstone TG1672 are sent over HTTP base64 encoded in a GET request.

Open-Xchange AppSuite versions 7.10.1 and below suffer from information exposure and improper access control vulnerabilities.

WordPress Form Maker plugin version 1.13.2 suffers from cross site request forgery and local file inclusion vulnerabilities.

NC450 version 1.5.0 Build 181022 Rel.3A033D contains a hardcoded root credential within its Linux distribution image.

Magic ISO Maker version 5.5 build 281 suffers from a denial of service vulnerability.

Lupusec XT2 Plus Main Panel with firmware 0l0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery…